By default, the WordPress backend uses the url mysite.com/wp-admin to access the dashboard. So, any username and password scanners can make allow the access to at least make an attempt. Changing the username from admin can help too.

A level of security is to allow only specified ip addresses to access the wp-admin directory.

To make the wp-admin only accessible from your pc you can add the following code into the .htaccess file within the wp-admin directory,